E
Emile Coetzee
IIS/Tomcat 4 Admin and Manager - Can't Connect from IIS
Tomcat: 4.1.29
Windows 2000 Pro (IIS 5.0)
isapi_redirect.dll 1.2.5
JDK 1.4.2_02
I've setup IIS/Tomcat successfully. My webapp mappings are working correctly
with IIS as the front end. So I'm happy that everything is working as it
should.
I then started setting up the Admin and Manager tools. They work correctly
when connecting directly via Tomcat on port 8080 but if i connect via IIS i
get a 403 access denied error. From looking at the admin and manager logs
(debug 9) I found that there is a security check against GET which is true
when connecting via IIS and false when connecting via Tomcat. The IIS log
doesn't offer much insight.
I've done a bit of googling and some RTFMing but so far i've found no
solution. Is there anyway to fix this?
Sample from the Admin logs:
Access via Tomcat:
2004-01-12 10:42:50 StandardManager[/admin]: Seeding random number generator
class java.security.SecureRandom
2004-01-12 10:42:54 StandardManager[/admin]: Seeding of random number
generator has been completed
2004-01-12 10:42:55 StandardContext[/admin]: Posting standard context
attributes
2004-01-12 10:42:55 StandardContext[/admin]: Configuring application event
listeners
2004-01-12 10:42:55 StandardContext[/admin]: Sending application start
events
2004-01-12 10:42:55 StandardContext[/admin]: Starting filters
2004-01-12 10:42:55 StandardWrapper[/admin:default]: Loading container
servlet default
2004-01-12 10:43:14 StandardWrapper[/admin:invoker]: Loading container
servlet invoker
2004-01-12 10:43:15 StandardContext[/admin]: Starting completed
2004-01-12 10:44:25 Authenticator[/admin]: Security checking request GET
/admin
2004-01-12 10:44:25 Authenticator[/admin]: Checking constraint
'SecurityConstraint[Protected Area]' against GET --> false
2004-01-12 10:44:25 Authenticator[/admin]: No applicable constraint
located
2004-01-12 10:44:25 Authenticator[/admin]: Not subject to any constraint
2004-01-12 10:44:25 StandardContext[/admin]: Mapping contextPath='/admin'
with requestURI='/admin' and relativeURI=''
2004-01-12 10:44:25 StandardContext[/admin]: Trying exact match
2004-01-12 10:44:25 StandardContext[/admin]: Trying prefix match
2004-01-12 10:44:25 StandardContext[/admin]: Trying extension match
2004-01-12 10:44:25 StandardContext[/admin]: Trying default match
2004-01-12 10:44:25 StandardContext[/admin]: Mapped to servlet 'default'
with servlet path '' and path info 'null' and update=true
2004-01-12 10:44:25 Authenticator[/admin]: Security checking request GET
/admin/
2004-01-12 10:44:25 Authenticator[/admin]: Checking constraint
'SecurityConstraint[Protected Area]' against GET / --> false
Access via IIS:
2004-01-12 12:05:28 StandardContext[/admin]: Mapping contextPath='/admin'
with requestURI='/admin/' and relativeURI='/'
2004-01-12 12:05:28 StandardContext[/admin]: Trying exact match
2004-01-12 12:05:28 StandardContext[/admin]: Trying prefix match
2004-01-12 12:05:28 StandardContext[/admin]: Trying extension match
2004-01-12 12:05:28 StandardContext[/admin]: Trying default match
2004-01-12 12:05:28 StandardContext[/admin]: Mapped to servlet 'default'
with servlet path '/' and path info 'null' and update=true
2004-01-12 12:05:28 Authenticator[/admin]: Security checking request GET
/admin/index.jsp
2004-01-12 12:05:28 Authenticator[/admin]: Checking constraint
'SecurityConstraint[Protected Area]' against GET /index.jsp --> true
2004-01-12 12:05:28 Authenticator[/admin]: Subject to constraint
SecurityConstraint[Protected Area]
2004-01-12 12:05:28 Authenticator[/admin]: Calling checkUserData()
2004-01-12 12:05:28 Authenticator[/admin]: User data constraint has no
restrictions
2004-01-12 12:05:28 Authenticator[/admin]: Calling authenticate()
2004-01-12 12:05:28 Authenticator[/admin]: Already authenticated ''
2004-01-12 12:05:28 Authenticator[/admin]: Calling accessControl()
2004-01-12 12:05:28 Authenticator[/admin]: Failed accessControl() test
Regards
Emile
Tomcat: 4.1.29
Windows 2000 Pro (IIS 5.0)
isapi_redirect.dll 1.2.5
JDK 1.4.2_02
I've setup IIS/Tomcat successfully. My webapp mappings are working correctly
with IIS as the front end. So I'm happy that everything is working as it
should.
I then started setting up the Admin and Manager tools. They work correctly
when connecting directly via Tomcat on port 8080 but if i connect via IIS i
get a 403 access denied error. From looking at the admin and manager logs
(debug 9) I found that there is a security check against GET which is true
when connecting via IIS and false when connecting via Tomcat. The IIS log
doesn't offer much insight.
I've done a bit of googling and some RTFMing but so far i've found no
solution. Is there anyway to fix this?
Sample from the Admin logs:
Access via Tomcat:
2004-01-12 10:42:50 StandardManager[/admin]: Seeding random number generator
class java.security.SecureRandom
2004-01-12 10:42:54 StandardManager[/admin]: Seeding of random number
generator has been completed
2004-01-12 10:42:55 StandardContext[/admin]: Posting standard context
attributes
2004-01-12 10:42:55 StandardContext[/admin]: Configuring application event
listeners
2004-01-12 10:42:55 StandardContext[/admin]: Sending application start
events
2004-01-12 10:42:55 StandardContext[/admin]: Starting filters
2004-01-12 10:42:55 StandardWrapper[/admin:default]: Loading container
servlet default
2004-01-12 10:43:14 StandardWrapper[/admin:invoker]: Loading container
servlet invoker
2004-01-12 10:43:15 StandardContext[/admin]: Starting completed
2004-01-12 10:44:25 Authenticator[/admin]: Security checking request GET
/admin
2004-01-12 10:44:25 Authenticator[/admin]: Checking constraint
'SecurityConstraint[Protected Area]' against GET --> false
2004-01-12 10:44:25 Authenticator[/admin]: No applicable constraint
located
2004-01-12 10:44:25 Authenticator[/admin]: Not subject to any constraint
2004-01-12 10:44:25 StandardContext[/admin]: Mapping contextPath='/admin'
with requestURI='/admin' and relativeURI=''
2004-01-12 10:44:25 StandardContext[/admin]: Trying exact match
2004-01-12 10:44:25 StandardContext[/admin]: Trying prefix match
2004-01-12 10:44:25 StandardContext[/admin]: Trying extension match
2004-01-12 10:44:25 StandardContext[/admin]: Trying default match
2004-01-12 10:44:25 StandardContext[/admin]: Mapped to servlet 'default'
with servlet path '' and path info 'null' and update=true
2004-01-12 10:44:25 Authenticator[/admin]: Security checking request GET
/admin/
2004-01-12 10:44:25 Authenticator[/admin]: Checking constraint
'SecurityConstraint[Protected Area]' against GET / --> false
Access via IIS:
2004-01-12 12:05:28 StandardContext[/admin]: Mapping contextPath='/admin'
with requestURI='/admin/' and relativeURI='/'
2004-01-12 12:05:28 StandardContext[/admin]: Trying exact match
2004-01-12 12:05:28 StandardContext[/admin]: Trying prefix match
2004-01-12 12:05:28 StandardContext[/admin]: Trying extension match
2004-01-12 12:05:28 StandardContext[/admin]: Trying default match
2004-01-12 12:05:28 StandardContext[/admin]: Mapped to servlet 'default'
with servlet path '/' and path info 'null' and update=true
2004-01-12 12:05:28 Authenticator[/admin]: Security checking request GET
/admin/index.jsp
2004-01-12 12:05:28 Authenticator[/admin]: Checking constraint
'SecurityConstraint[Protected Area]' against GET /index.jsp --> true
2004-01-12 12:05:28 Authenticator[/admin]: Subject to constraint
SecurityConstraint[Protected Area]
2004-01-12 12:05:28 Authenticator[/admin]: Calling checkUserData()
2004-01-12 12:05:28 Authenticator[/admin]: User data constraint has no
restrictions
2004-01-12 12:05:28 Authenticator[/admin]: Calling authenticate()
2004-01-12 12:05:28 Authenticator[/admin]: Already authenticated ''
2004-01-12 12:05:28 Authenticator[/admin]: Calling accessControl()
2004-01-12 12:05:28 Authenticator[/admin]: Failed accessControl() test
Regards
Emile